1 |
type: security |
2 |
subject: Updated owncloud package fixes security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2013-2150 |
5 |
- CVE-2013-2149 |
6 |
src: |
7 |
3: |
8 |
core: |
9 |
- owncloud-5.0.7-1.mga3 |
10 |
description: | |
11 |
Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the |
12 |
files_videoviewer application via multiple unspecified vectors in all |
13 |
ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote |
14 |
attackers to inject arbitrary web script or HTML via shared files |
15 |
(CVE-2013-2150). |
16 |
|
17 |
Cross-site scripting (XSS) vulnerabilities in core/js/oc-dialogs.js via |
18 |
multiple unspecified vectors in all ownCloud versions prior to 5.0.7 |
19 |
and other versions before 4.0.16 allows authenticated remote attackers |
20 |
to inject arbitrary web script or HTML via shared files (CVE-2013-2149). |
21 |
references: |
22 |
- https://bugs.mageia.org/show_bug.cgi?id=10452 |
23 |
- http://owncloud.org/about/security/advisories/oC-SA-2013-028/ |
24 |
ID: MGASA-2013-0171 |